Lucene search
2872 matches found

Oracle linux
added 2015/11/23 12:0 a.m. · 44 views

openldap security, bug fix, and enhancement update

2.4.40-8 - NSS does not support string ordering 1231522 - implement and correct order of parsing attributes 1231522 - add multimask and multistrength to correctly handle sets of attributes 1231522 - add new cipher suites and correct AES-GCM attributes 1245279 - correct DEFAULT ciphers handling to...

5 CVSS · 7.8 AI score · 0.05333 EPSS · Exploits 0

RedHat Linux
added 2015/11/19 4:10 a.m. · 1 views

openldap: incorrect multi-keyword mode cipherstring parsing

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled...

7.5 CVSS · 7.2 AI score · 0.05333 EPSS · Exploits 0 · References 4

Positive Technologies
added 2015/11/19 12:0 a.m. · 2 views

PT-2015-6129 · Openldap +3

Name of the Vulnerable Software and Affected Versions: OpenLDAP affected versions not specified Description: The issue is related to the nss parse ciphers function in OpenLDAP, which does not properly parse OpenSSL-style multi-keyword mode cipher strings. This might cause a weaker than intended...

7.5 CVSS · 7.2 AI score · 0.05333 EPSS · Exploits 1 · References 22

Hacker One
added 2015/11/11 8:17 p.m. · 24 views

Slack: RC4 cipher suites detected on status.slack.com

A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...

0.9 AI score · Exploits 0

NVD
added 2015/10/29 8:59 p.m. · 19 views

CVE-2015-3230

389 Directory Server formerly Fedora Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

7.5 CVSS · 6.7 AI score · 0.02573 EPSS · Exploits 0 · References 4

Prion
added 2015/10/29 8:59 p.m. · 20 views

Design/Logic Flaw

389 Directory Server formerly Fedora Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

7.5 CVSS · 7.3 AI score · 0.02573 EPSS · Exploits 0 · References 4 · Affected Software 1

OSV
added 2015/10/29 8:59 p.m. · 1 views

UBUNTU-CVE-2015-3230

389 Directory Server formerly Fedora Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

7.5 CVSS · 5.9 AI score · 0.02573 EPSS · Exploits 0 · References 4

OSV
added 2015/10/29 8:59 p.m. · 1 views

DEBIAN-CVE-2015-3230

389 Directory Server formerly Fedora Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

7.5 CVSS · 7.7 AI score · 0.02573 EPSS · Exploits 0 · References 1

Cvelist
added 2015/10/29 8:0 p.m. · 23 views

CVE-2015-3230

389 Directory Server formerly Fedora Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...

6.6 AI score · 0.02573 EPSS · Exploits 0 · References 4

exploitpack
added 2015/10/29 12:0 a.m. · 45 views

NetUSB - Kernel Stack Buffer Overflow

NetUSB - Kernel Stack Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: NetUSB Kernel Stack Buffer Overflow Date: 9/10/15 Exploit Author: Adrian Ruiz Bermudo Vendor Homepage: http://www.kcodes.com/ Version: Multiple:...

10 CVSS · 0.9 AI score · 0.27906 EPSS · Exploits 7

OpenVAS
added 2015/10/15 12:0 a.m. · 23 views

Microsoft Cryptographic Cipher Suite Prioritization Advisory (3042058)

This host is missing an important security update according to Microsoft advisory 3042058. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5.2 AI score · Exploits 0 · References 2

Tenable Nessus
added 2015/10/13 12:0 a.m. · 866 views

MS KB2960358: Update for Disabling RC4 in .NET TLS

The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS. Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application that runs on a system that has 4.6 installed is affected. C Tenable Network Security, Inc...

5.5 AI score · Exploits 0 · References 1

OpenVAS
added 2015/10/06 12:0 a.m. · 32 views

Oracle: Security Advisory (ELSA-2012-1151)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 8.8 AI score · 0.04114 EPSS · Exploits 0 · References 2

OpenVAS
added 2015/09/29 12:0 a.m. · 17 views

Gentoo Security Advisory GLSA 201310-01

Gentoo Linux Local Security Checks GLSA 201310-01 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

4.4 CVSS · 5 AI score · 0.00553 EPSS · Exploits 1 · References 1

Huawei
added 2015/09/19 12:0 a.m. · 41 views

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products

A security vulnerability exists in Rivest Cipher 4 RC4 used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah...

5 CVSS · 5.2 AI score · 0.74006 EPSS · Exploits 0 · Affected Software 36

Tenable Nessus
added 2015/09/16 12:0 a.m. · 594 views

F5 Networks BIG-IP : TLS vulnerability (K16674) (Logjam)

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

4.3 CVSS · 7.2 AI score · 0.9986 EPSS · Exploits 1 · References 2

OpenVAS
added 2015/09/08 12:0 a.m. · 35 views

Amazon Linux: Security Advisory (ALAS-2013-172)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4 CVSS · 6 AI score · 0.0644 EPSS · Exploits 1 · References 2

Japan Vulnerability Notes
added 2015/08/27 6:3 a.m. · 4 views

File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted

Overview: File encryption software "ED" contains an issue where, when files of small size are encrypted, they may become easier to decipher in comparison to when files of a larger size are encrypted. When encrypting small files that are smaller than the block size (128 bits), file encryption software "ED"...

2.6 CVSS · 6.5 AI score · 0.00695 EPSS · Exploits 0 · References 7

NVD
added 2015/08/20 10:59 a.m. · 30 views

CVE-2015-0535

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, relate...

7.5 CVSS · 6.3 AI score · 0.0106 EPSS · Exploits 1 · References 2

Prion
added 2015/08/20 10:59 a.m. · 29 views

Design/Logic Flaw

EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, relate...

5 CVSS · 7.7 AI score · 0.98685 EPSS · Exploits 1 · References 2 · Affected Software 2